I have a policy that block phpproxy application for security reason.
There is a web site http://www.sac-cas.ch (shop tab) is blocked because some request are recognised as phpproxy application.
I'd like to build an application that allow phpproxy when host is www.sac-cas.ch in a way to bypass the block.
Here below the custom application I created for this purposed.
Basically the application has as parent app phpproxy and signature match host www.sac-cas.ch.
I don't know why but it seams that this customer application in recognized not only when application is phpproxy but eve if the traffic i web browsing. Where I'm doing wrong ? It somethong related to App dependencies ?
As php-proxy in turn depends web-browsing try using Parent App as Web-browsing.
Reasoning : The App-ID engine processes applications in a hierarchy that looks for web-browsing, then web-based applications such as php-proxy and then custom http applications.
By choosing web-browsing ,an application that is lower in the hierarchy, the PAN-OS is forced to recognize and react to that traffic earlier than it normally would for a custom http application.
I think Application override is not the right approach as I don't have particular destibnation ip or source ip. It is really a news app based on existing one.
if I use web-browsing as Parent app it means that all traffic from the site will be classified as custom application, my intend was to recognize as custom application only phpproxy traffic type.
Anyway I don't understand why if I definine phpproxy app as parent the web-browsing traffic is recognized by the custom app.
Sorry to bump this after so long but what I wanted to do is relevant.
I wanted to just change ports on an existing app without having to use 'Any' or have to list all ports for the application and it's dependencies. I was hoping to create a custom app with the original app as the parent and just list the port it would use.
I believe the Application Override suggestion above would be needed. From reading the documentation, you have to include a signature in the custom app. The only time you do not is if you're using it in an Application Override policy. That's kinda a bummer. Thought I'd get off easy.
What I'm hoping is that I can build a custom app with the built-in app as the parent, create an Application Override just for that new app and in the security policy add the built in app & the custom app.
I've seen custom apps built without signatures and they always end up including all the ports from the original app, an Application Override created and the original app then not used. This seems to be no different than just creating a Service Object because signatures are no longer used; just ports.
This is where being able to clone a built in app would be helpful. :smileylaugh:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!